Bugtraq mailing list archives
Re: NT RPC Hotfix
From: dsiebert () icaen uiowa edu (dsiebert () icaen uiowa edu)
Date: Thu, 23 Jan 1997 22:30:09 -0600
Microsoft just released a hotfix for the RPC vulnerability:
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP2/RPC-fix
Their quick turn around time leaves to shame Unix vendors that take weeks or months to provide a patch. Oh well.
What about all the real security problems in Win95 and NT they haven't fixed, some of which I've seen posted here. Please don't ask me for a list, I don't have to actively support MS stuff, luckily, so I don't pay a lot of attention, I just follow these growing lists with amusement remembering all the people who used to claim NT was more secure than Unix because it had a shorter bug list -- it just had fewer hackers banging on it but that is starting to change...

MS probably just did this one quickly because it turned out it was easy to fix. And whoever they got inside MS when they called in this problem actually cared about fixing it. I find people like that in Unix vendors too once in a while. Too bad you can't just direct all problems you find to the people you know who really care.

I've seen the discussion about making the stack non executable on x86 Unixes, but what about others, like HP-UX and so on? I know PA-RISC has a separate execute bit that can be assigned to a page, it sure would be nice to make the pages in the data quadrant (where the stack also lives) non executable. Is there a reason anyone knows about why they don't do this? The shared libraries live in quadrant 3 (and sometimes 4). It might not provide a solution for all the executable types, but the normal executables that are used in 99.999% of programs (including, I presume, all the system binaries) would be totally protected by this change instead of having to fix dozens of binaries one at a time as problems and attacks are identified.

What I don't get is how you can have a company like DEC that is smart enough to mark the stack non executable, but not the data section? Is that for the benefit of the software translators? You'd think they could find a better way, like requiring some action on the part of the programmer (or different executable type) if they want to do this, rather than making it the default. Oh well.

BTW, whatever happened to SoD and their HP bug of the week? There must be a lot of stack smashing bugs left in HP-UX (and every other Unix, unfortunately). I wonder if they are going to claim that HP paid them $2 million or whatever it was they wanted to shut them up :)

--
Douglas Siebert                Director of Computing Facilities
douglas-siebert () uiowa edu   Division of Mathematical Sciences, U of Iowa
Ack! My reality check just bounced!!